CN112243000B

CN112243000B - Application data processing method and device, computer equipment and storage medium

Info

Publication number: CN112243000B
Application number: CN202011073596.XA
Authority: CN
Inventors: 吴官清
Original assignee: Beijing Dajia Internet Information Technology Co Ltd
Current assignee: Beijing Dajia Internet Information Technology Co Ltd
Priority date: 2020-10-09
Filing date: 2020-10-09
Publication date: 2023-04-25
Anticipated expiration: 2040-10-09
Also published as: CN112243000A

Abstract

The present disclosure relates to a method, an apparatus, a computer device, and a storage medium for processing application data, where service parameters in a service request are decrypted by responding to the service request of a client to obtain plaintext data of the service parameters, and a service response message is generated according to the plaintext data of the service parameters, so as to detect whether a current state of a system meets a key update condition, and if the current state of the system meets the key update condition, an update key corresponding to the service response message is determined, and the service response message is encrypted by using the update key to obtain response encrypted data, so that response encrypted data and the update key are returned to the client. Under the condition that the current state of the system meets the key updating condition, the service response message is encrypted by adopting the updating key, so that the security of data in the transmission process is improved, and the condition that the key is fixed and is not easy to be acquired by an attacker to implement attack in the traditional technology is avoided.

Description

Application data processing method and device, computer equipment and storage medium

Technical Field

The disclosure relates to the technical field of information security, and in particular relates to a processing method, a device, computer equipment and a storage medium of application data.

Background

With the development of internet technology, the security of information transmission in a network is increasingly receiving attention from users. Currently, in order to prevent an attacker from performing application attack by modifying application data (including a service request instruction of an application and a service response message generated based on the service request instruction) transmitted in a network, the transmitted application data is generally processed or controlled by a code confusion technology or a password encryption technology, etc.

However, for code obfuscation techniques, some of the logic in the application data, or the names of various elements such as variables, functions or classes are rewritten to meaningless names, typically by rewriting the code, so that the reader cannot guess its purpose from the names, but it can only work on the white-box code audit level, without any effect on the black-box penetration test. However, since the key used by both parties involved in encryption and decryption in symmetric encryption is fixed, key leakage is easily caused in the process of transferring and storing the key, and once the key is known by an attacker, the risk of application attack is very easy to occur. Therefore, the existing processing mode of the application data cannot meet the security of the application data in the transmission process.

Disclosure of Invention

The disclosure provides a processing method, a device, a computer device and a storage medium for application data, so as to at least solve the problem of low safety of the application data in the transmission process in the related technology. The technical scheme of the present disclosure is as follows:

according to a first aspect of an embodiment of the present disclosure, there is provided a method for processing application data, including:

responding to a service request of a client, decrypting service parameters in the service request to obtain plaintext data of the service parameters;

generating a service response message according to the plaintext data of the service parameter;

detecting whether the current state of the system meets the key updating condition or not;

under the condition that the current state of the system accords with the key updating condition, determining an updating key corresponding to the service response message, and encrypting the service response message by using the updating key to obtain response encrypted data;

and returning the response encrypted data and a refreshing key to the client, wherein the refreshing key is used for decrypting the response encrypted data.

In one embodiment, the encrypting the service response message using the update key includes: inserting disturbing parameters into the service response message to obtain a disturbed service response message, wherein the disturbing parameters are generated by carrying out semantic recognition on effective response parameters preset in the service response message; and encrypting the scrambled service response message by using the updated key.

In one embodiment, the inserting the scrambling parameter in the service response message includes: acquiring preset effective response parameters in the service response message; carrying out semantic recognition on the effective response parameters, and generating corresponding disturbance parameters according to semantic recognition results of the effective response parameters; inserting the scrambling parameter in the service response message.

In one embodiment, the generating the corresponding disturbing parameter according to the semantic recognition result of the valid response parameter includes: splitting the effective response parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective response parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or, identifying the format of the characters in the effective response parameters, performing format conversion on the characters in the effective response parameters, and generating the disturbing parameters according to the characters after format conversion.

In one embodiment, the detecting whether the current state of the system meets the key update condition includes: acquiring the type of a client currently sending the service request, and if the type of the client is changed, detecting that the current state of the system meets a key updating condition; or acquiring the receiving time of the service request, and detecting that the current state of the system meets the key updating condition when the receiving time is matched with the key updating time.

In one embodiment, the determining the update key corresponding to the service response message when the current state of the system meets the key update condition includes: when detecting that the type of the client currently sending the service request is changed, acquiring a first key set corresponding to the type of the client; randomly screening a target key from the first key set as an updated key corresponding to the service response message.

In one embodiment, the determining the update key corresponding to the service response message when the current state of the system meets the key update condition includes: and randomly screening a target key from a preset second key set as an updated key corresponding to the service response message when the fact that the receiving time of the service request is matched with the key updating time is detected.

According to a second aspect of the embodiments of the present disclosure, there is provided a method for processing application data, including:

responding to a service request of a target account, and sending the service request to a server;

receiving response encryption data and an update key returned by a server according to the service request, wherein the response encryption data is obtained by encrypting a service response message by the server by using the update key, the service response message is generated by the server according to plaintext data of service parameters, the plaintext data of the service parameters are obtained by decrypting the service parameters in the service request, and the update key is generated by the server under the condition that the current state of the system is detected to be in accordance with a key update condition;

And carrying out corresponding service processing on the response encrypted data according to the response encrypted data and the updating key.

In one embodiment, the sending the service request to the server includes: inserting disturbing parameters into the service request to obtain a disturbed service request, wherein the disturbing parameters are generated by carrying out semantic recognition on effective service parameters preset in the service request; encrypting the scrambled service request by using a preset secret key; and sending the scrambled and encrypted service request to the server.

In one embodiment, the inserting the disturbing parameter in the service request includes: acquiring preset effective service parameters in the service request; carrying out semantic recognition on the effective service parameters, and generating corresponding disturbing parameters according to semantic recognition results of the effective service parameters; inserting the scrambling parameter in the service request.

In one embodiment, the generating the corresponding disturbing parameter according to the semantic identification result of the valid service parameter includes: splitting the effective service parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective service parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or, identifying the format of the characters in the effective service parameters, performing format conversion on the characters in the effective service parameters, and generating the disturbing parameters according to the characters after format conversion.

In one embodiment, the performing corresponding service processing on the response encrypted data according to the response encrypted data and the update key includes: acquiring a data processing mode of the response encrypted data according to the type of a data interface of the response encrypted data returned by the server; if the data processing mode of the response encrypted data is data verification, verifying the response encrypted data according to the response encrypted data and the updating key; if the data processing mode of the response encrypted data is display, decrypting the response encrypted data according to the updated key and displaying the decrypted response encrypted data; and if the data processing mode of the response encrypted data is storage, storing the response encrypted data and the updating key.

In one embodiment, the verifying the response encrypted data according to the response encrypted data and the update key includes: acquiring an estimated value of the service response message generated by the server according to the service request; encrypting the estimated value of the service response message by adopting the updated key to obtain encrypted response estimated encryption data; if the response estimation encryption data is matched with the response encryption data, verifying the response encryption data; and if the response estimation encryption data is not matched with the response encryption data, the verification of the response encryption data is not passed.

According to a third aspect of the embodiments of the present disclosure, there is provided an apparatus for processing application data, including:

the service parameter acquisition module is configured to execute a service request responding to the client, and decrypt the service parameters in the service request to obtain plaintext data of the service parameters;

a service response message generation module configured to execute plaintext data according to the service parameter, generating a service response message;

the detection module is configured to execute detection on whether the current state of the system meets the key updating condition;

the encryption processing module is configured to determine an update key corresponding to the service response message under the condition that the current state of the system meets the key update condition, and encrypt the service response message by using the update key to obtain response encrypted data;

and a data transmitting module configured to perform transmission of the response encrypted data and a refreshing key for decrypting the response encrypted data to the client.

In one embodiment, the encryption processing module includes: a disturbing parameter inserting unit configured to insert a disturbing parameter into the service response message to obtain a disturbed service response message, wherein the disturbing parameter is generated by performing semantic recognition on an effective response parameter preset in the service response message; and an encryption unit configured to perform encryption of the scrambled service response message using the update key.

In one embodiment, the scramble parameter insertion unit includes: an effective response parameter obtaining subunit configured to perform obtaining an effective response parameter preset in the service response message; a disturbing parameter generating subunit configured to perform semantic recognition on the effective response parameters, and generate corresponding disturbing parameters according to the semantic recognition result of the effective response parameters; a scrambling parameter insertion subunit configured to perform insertion of the scrambling parameter in the service response message.

In one embodiment, the scrambling parameter generating subunit is configured to perform: splitting the effective response parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective response parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or, identifying the format of the characters in the effective response parameters, performing format conversion on the characters in the effective response parameters, and generating the disturbing parameters according to the characters after format conversion.

In one embodiment, the detection module is configured to perform: acquiring the type of a client currently sending the service request, and if the type of the client is changed, detecting that the current state of the system meets a key updating condition; or acquiring the receiving time of the service request, and detecting that the current state of the system meets the key updating condition when the receiving time is matched with the key updating time.

In one embodiment, the encryption processing module is further configured to perform: when detecting that the type of the client currently sending the service request is changed, acquiring a first key set corresponding to the type of the client; randomly screening a target key from the first key set as an updated key corresponding to the service response message.

In one embodiment, the encryption processing module is further configured to perform: and randomly screening a target key from a preset second key set as an updated key corresponding to the service response message when the fact that the receiving time of the service request is matched with the key updating time is detected.

According to a fourth aspect of the embodiments of the present disclosure, there is provided a processing apparatus for application data, including:

a service request response module configured to execute a service request in response to a target account, the service request being sent to a server;

the response data receiving module is configured to execute receiving response encryption data and an update key returned by a server according to the service request, wherein the response encryption data is obtained by encrypting a service response message by the server by using the update key, the service response message is generated by the server according to plaintext data of service parameters, the plaintext data of the service parameters are obtained by decrypting the service parameters in the service request, and the update key is generated by the server under the condition that the current state of the system is detected to be in accordance with a key update condition;

And the service processing module is configured to execute corresponding service processing on the response encrypted data according to the response encrypted data and the updating key.

In one embodiment, the service request response module includes: the disturbing parameter inserting unit is configured to insert disturbing parameters into the service request to obtain a disturbed service request, wherein the disturbing parameters are generated by carrying out semantic recognition on effective service parameters preset in the service request; an encryption unit configured to perform encryption of the scrambled service request using a preset key; and a transmitting unit configured to perform transmission of the scrambled and encrypted service request to the server.

In one embodiment, the scramble parameter insertion unit includes: an effective service parameter obtaining subunit configured to obtain an effective service parameter preset in the service request; a disturbing parameter generating subunit configured to perform semantic recognition on the effective service parameters, and generate corresponding disturbing parameters according to the semantic recognition result of the effective service parameters; a scrambling parameter insertion subunit configured to perform insertion of the scrambling parameter in the service request.

In one embodiment, the scrambling parameter generating subunit is configured to perform: splitting the effective service parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective service parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or, identifying the format of the characters in the effective service parameters, performing format conversion on the characters in the effective service parameters, and generating the disturbing parameters according to the characters after format conversion.

In one embodiment, the service processing module includes: a data processing mode obtaining unit configured to perform data processing modes for response encrypted data according to the type of a data interface for which the server returns the response encrypted data; a verification processing unit configured to perform verification processing on the response encrypted data according to the response encrypted data and an update key if a data processing manner of the response encrypted data is data verification; the display processing unit is configured to execute the display after decrypting the response encrypted data according to the updated key if the data processing mode of the response encrypted data is display; and the storage processing unit is configured to store the response encrypted data and the update key if the data processing mode of the response encrypted data is storage.

In one embodiment, the authentication processing unit is configured to perform: acquiring an estimated value of the service response message generated by the server according to the service request; encrypting the estimated value of the service response message by adopting the updated key to obtain encrypted response estimated encryption data; if the response estimation encryption data is matched with the response encryption data, verifying the response encryption data; and if the response estimation encryption data is not matched with the response encryption data, the verification of the response encryption data is not passed.

According to a fifth aspect of embodiments of the present disclosure, there is provided a computer device comprising: a processor; a memory for storing the processor-executable instructions; wherein the processor is configured to execute the instructions to cause the computer device to perform the method of processing application data as described in any embodiment of the first aspect or to perform the method of processing application data as described in any embodiment of the second aspect.

According to a sixth aspect of embodiments of the present disclosure, there is provided a storage medium, which when executed by a processor of a computer device, enables the computer device to perform the method of processing application data described in any one of the embodiments of the first aspect or to perform the method of processing application data described in any one of the embodiments of the second aspect.

According to a seventh aspect of embodiments of the present disclosure, there is provided a computer program product comprising a computer program stored in a readable storage medium, from which at least one processor of a device reads and executes the computer program, such that the device performs the method of processing application data as described in any of the embodiments of the first aspect or performs the method of processing application data as described in any of the embodiments of the second aspect.

The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects:

the service parameters in the service request are decrypted through responding to the service request of the client to obtain plaintext data of the service parameters, service response information is generated according to the plaintext data of the service parameters, whether the current state of the system meets the key updating condition is detected, an updating key corresponding to the service response information is determined under the condition that the current state of the system meets the key updating condition, the service response information is encrypted by utilizing the updating key to obtain response encrypted data, and accordingly response encrypted data and the updating key are returned to the client to instruct the client to perform corresponding service processing. The server in the present disclosure determines the update key corresponding to the service response message by detecting whether the current state of the system meets the key update condition after receiving the service request and generating the service response message each time, and encrypts the service response message to obtain and transmit the response encrypted data, thereby improving the security of the data in the transmission process, and avoiding the situation that the key is not easy to be acquired by an attacker due to the fixed key in the conventional technology, and further self-decrypting and implementing the attack application.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure and do not constitute an undue limitation on the disclosure.

Fig. 1 is an application environment diagram illustrating a method of processing application data according to an exemplary embodiment.

Fig. 2 is a flow chart illustrating a method of processing application data according to an exemplary embodiment.

Fig. 3 is a flow diagram illustrating the encryption steps for a service response message, according to an exemplary embodiment.

Fig. 4 is a flow diagram illustrating steps for inserting scrambling parameters in a service response message according to an exemplary embodiment.

Fig. 5 is a flow chart illustrating the steps of generating a random key according to an exemplary embodiment.

Fig. 6 is a flowchart illustrating a method of processing application data according to another exemplary embodiment.

Fig. 7 is a flow chart illustrating steps for sending a service request instruction to a server, according to an exemplary embodiment.

Fig. 8 is an interactive schematic diagram illustrating a method of processing application data according to an exemplary embodiment.

Fig. 9 is a block diagram illustrating an apparatus for processing application data according to an exemplary embodiment.

Fig. 10 is a block diagram of a processing apparatus of application data according to another exemplary embodiment.

Fig. 11 is an internal structural diagram of a computer device, according to an exemplary embodiment.

Fig. 12 is an internal structural diagram of a server shown according to an exemplary embodiment.

Detailed Description

In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.

It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the foregoing figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the disclosure described herein may be capable of operation in sequences other than those illustrated or described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.

The processing method of application data provided by the present disclosure may be applied to an application environment as shown in fig. 1. Wherein the terminal 110 interacts with the server 120 through a network. The terminal 110 may be, but not limited to, various electronic devices such as a personal computer, a notebook computer, a smart phone, a tablet computer, and a portable wearable device, and the server 120 may be implemented by a separate server or a server cluster formed by a plurality of servers. Specifically, the terminal 110 is provided with a client of an application program, where the application program may be a client/server application program (i.e. a C/S mode application program) or a browser/server application program (i.e. a web application program based on a B/S model), and a service platform of the corresponding application program is deployed on the server 120. The processing method of application data provided in the present embodiment may be applied to the terminal 110 or the server 120, so as to implement processing of application data in an interaction process between the two, thereby improving security of application data in a transmission process, and the processing method of application data in the present disclosure is further described below based on different application scenarios.

Fig. 2 is a flowchart illustrating a method for processing application data according to an exemplary embodiment, and as shown in fig. 2, the method is applied to the server in fig. 1, for example, and includes the following steps.

In step S210, in response to the service request of the client, the service parameters in the service request are decrypted, so as to obtain plaintext data of the service parameters.

The service request may be generated by the client based on the request of the account for the application service, which is an instruction or command for requesting the corresponding application service from the server, and specifically, the application service may be a service that can be provided by the server, for example, may be a client login service, a resource request service, or a Web service. The service request generally includes corresponding service parameters, and it is understood that, for different specific application services, the service parameters for generating the service request are different. In general, the service parameters include the self-carried parameters of the client based on the application service and the input parameters of the account, and since the input parameters of the account may relate to sensitive information of the account, in order to avoid information leakage, the client generally encrypts the service parameters when generating the service request. Therefore, after the server receives the service request of the client, the server needs to decrypt the service parameters in the service request, so as to obtain the plaintext data of the service parameters in the service request.

In step S220, a service response message is generated according to the plain text data of the service parameter.

Wherein the service response message is a response message returned by the server to the client based on the service request. In this embodiment, the server decrypts the received service request of the client, performs corresponding service flow processing based on the plaintext data of the decrypted service parameter, and generates a service response message corresponding to the service parameter.

In step S230, it is detected whether the current state of the system meets the key update condition.

The key update condition may be a preset condition for performing key update, including but not limited to a time condition, a device condition, and the like. For example, the time condition may be a condition that is set in advance to perform the key update at a certain interval time, such as performing the key update once every two hours. The device condition may then refer to the type of client sending the service request, e.g. when a change in the type of client sending the service request is detected, then a key update is performed. Because the key used by both parties participating in encryption and decryption is fixed in the encryption processing process of application data by adopting a symmetrical encryption mode in the traditional technology, key leakage is easy to occur in the key transmission and storage process, and thus the risk of application attack is very easy to occur. Based on this, in this embodiment, after the server receives the service request and generates the service response message, based on the preset condition for performing the key update, whether the current state of the system meets the key update condition is detected, if it is detected that the current state of the system meets the key update condition, step S240 is executed to perform the key update, and the update key is used to encrypt the service response message, so as to avoid the situation that in the conventional technology, the key is not easy to be acquired by an attacker due to the fact that the key is fixed, and then the attack application is decrypted by oneself; and if the current state of the system is detected to be not in accordance with the key updating condition, encrypting the service response message by adopting the original key.

In step S240, in the case where the current state of the system meets the key update condition, an update key corresponding to the service response message is determined, and the service response message is encrypted with the update key, to obtain response encrypted data.

Wherein, the updated key corresponding to the service response message refers to the updated key that encrypts the service response message. In this embodiment, by means of presetting a key set, when the current state of the system meets a key update condition, a key is selected from the preset key set as an update key corresponding to a service response message, and the service response message is encrypted by using the update key, so as to obtain response encrypted data, thereby improving the security of the data in the transmission process.

In step S250, response encrypted data and the update key are returned to the client.

Wherein the update key is used to decrypt the response encrypted data. In this embodiment, the response encrypted data and the update key are returned to the client to instruct the client to perform corresponding service processing according to the response encrypted data and the update key. Specifically, the service processing includes: if the client determines that the response encrypted data needs to be subjected to data verification based on the response encrypted data, the client performs ciphertext verification processing on the response encrypted data according to the response encrypted data and the update key; if the client determines that the data display is required based on the response encrypted data, the client decrypts and displays the response encrypted data according to the updated key; if the client determines that data storage is required based on the response encrypted data, the client saves the response encrypted data and the update key locally.

According to the processing method of the application data, the service parameters in the service request are decrypted through responding to the service request of the client to obtain the plaintext data of the service parameters, the service response message is generated according to the plaintext data of the service parameters, whether the current state of the system meets the key updating condition is further detected, the updating key corresponding to the service response message is determined under the condition that the current state of the system meets the key updating condition, the service response message is encrypted by utilizing the updating key to obtain the response encrypted data, and the response encrypted data and the updating key are returned to the client to instruct the client to perform corresponding service processing. The server in the present disclosure determines the update key corresponding to the service response message by detecting whether the current state of the system meets the key update condition after receiving the service request and generating the service response message each time, and encrypts the service response message to obtain and transmit the response encrypted data, thereby improving the security of the data in the transmission process, and avoiding the situation that the key is not easy to be acquired by an attacker due to the fixed key in the conventional technology, and further self-decrypting and implementing the attack application.

In an exemplary embodiment, as shown in fig. 3, in step S240, the service response message is encrypted with the update key, which may be implemented specifically by:

in step S310, a scrambling parameter is inserted into the service response message, and a scrambled service response message is obtained.

The disturbing parameter is a nonsensical parameter for confusing the service response message, specifically, the disturbing parameter is different from a preset effective response parameter in the service response message, and is generated by performing semantic recognition on the preset effective response parameter in the service response message. The preset effective response parameters in the service response message may refer to sensitive information in the service response message, and after obtaining the information, an attacker may use the information to perform unauthorized operation or inject attack behavior, so as to cause the application to be attacked. Based on this, in order to avoid more sensitive information leakage in the service response message, and simultaneously to avoid that the disturbing parameter interferes with the identification of the effective response parameter in the service response message by the client, a disturbing parameter different from the preset effective response parameter is inserted into the service response message to obtain the disturbed service response message, and because the disturbing parameter is generated after semantic identification is performed on the preset effective response parameter in the service response message, the purpose of confusion of the service response message can be achieved.

In step S320, the scrambled service response message is encrypted using the update key.

Specifically, the scrambled service response message is encrypted by using the update key, thereby obtaining scrambled and encrypted response encrypted data.

In this embodiment, in order to further improve the security of application data transmission, a scrambled service response message is obtained by inserting a scrambling parameter into the service response message, and the scrambled service response message is encrypted by using an update key, so as to obtain scrambled and encrypted response encrypted data. Because the disturbing parameters are inserted into the service response message and encrypted by adopting the updated key, the security risk caused by the fact that an attacker tampers the parameters can be effectively prevented.

In an exemplary embodiment, as shown in fig. 4, in step S310, a scrambling parameter is inserted in a service response message, which may be specifically implemented by the following steps:

in step S410, a valid response parameter preset in the service response message is acquired.

The preset effective response parameters in the service response message may refer to sensitive information in the service response message, and after obtaining the information, an attacker may use the information to perform unauthorized operation or inject attack behavior, so as to cause the application to be attacked. It will be appreciated that the service response messages corresponding thereto may be different for different application services, and thus, the present embodiment may set different valid response parameters for the service response messages corresponding thereto based on different application services in advance. For example, taking an application service as a Web service as an example, since an HTTP (Hyper Text Transfer Protocol ) status code generated by a Web server based on a service request is sensitive, the HTTP status code may be set in advance as a valid response parameter in a Web service response message.

In step S420, the valid response parameters are semantically identified, and corresponding disturbing parameters are generated according to the semantic identification results of the valid response parameters.

The semantic recognition is to obtain the specific meaning of the effective response parameters. The semantic recognition result may be a specific meaning of the effective response parameter obtained after the semantic recognition of the effective response parameter. In this embodiment, by performing semantic recognition on the effective response parameters, a semantic recognition result of the effective response parameters is obtained, and then a corresponding disturbing parameter is generated according to the semantic recognition result. For example, for a normal parameter with an effective response parameter of username, the user can be used as a corresponding disturbing parameter through semantic recognition, and for a normal parameter with an effective response parameter of password, the pass can be used as a corresponding disturbing parameter through semantic recognition, so that the purpose of confusion disturbing the effective response parameter is achieved. In order to avoid more sensitive information leakage in the service response message and avoid the disturbing parameters from disturbing the identification of the effective response parameters in the service response message by the client, the embodiment generates disturbing parameters different from the effective response parameters and generates corresponding disturbing parameters based on the semantic identification result of the effective response parameters, so that the attack cannot distinguish which parameters are really needed data, thereby achieving the purpose of confusion disturbing the effective response parameters.

In an exemplary embodiment, the generation of the corresponding scramble parameter by the semantic identification result of the valid response parameter may be the generation of the scramble parameter having the same or similar meaning as the valid response parameter based on the semantic identification result of the valid response parameter. For example, by performing semantic recognition on the effective response parameters, if the effective response parameters have corresponding shorthand modes based on the semantic recognition result, corresponding disturbance parameters are generated based on the shorthand modes of the effective response parameters, namely, the shorthand modes of the effective response parameters are used as the corresponding disturbance parameters. If the effective response parameter is a shorthand way of corresponding semantics, acquiring the complete content of the effective response parameter based on the shorthand way of the effective response parameter, and taking the acquired complete content as a disturbing parameter corresponding to the effective response parameter.

In an exemplary embodiment, the corresponding disturbing parameters are generated through the semantic recognition result of the effective response parameters, the effective response parameters can be split to obtain a plurality of split character strings, and the similarity between each character string and the effective response parameters is obtained, so that the character string with the highest similarity is used as the disturbing parameter. For example, if a certain effective response parameter is "username", splitting the effective response parameter to obtain two split character strings, "user" and "name", and respectively obtaining the similarity between the two character strings and the effective response parameter, so that the character string with the highest similarity is used as the disturbing parameter.

In an exemplary embodiment, the corresponding scramble parameter is generated according to the semantic recognition result of the valid response parameter, or the format of the character in the valid response parameter is recognized, format conversion is performed on the character in the valid response parameter, and the corresponding scramble parameter is generated according to the character after format conversion. Wherein, the characters comprise letters, numbers, common symbols and the like; the format of the characters includes, but is not limited to, the case of letters, different writing modes of numbers, and the form of input of common symbols in different input modes. The format conversion of the character may be to convert the case of the letter, to convert different writing modes of the number, or to convert the form of the common symbol by inputting the common symbol in different input modes.

In step S430, a scrambling parameter is inserted in the service response message.

Because the disturbing parameters obtained by the steps are similar or similar to the effective response parameters in terms of semantics, even if an attacker can obtain the service response message after inserting the disturbing parameters into the service response message, the attacker does not know which effective response parameters in the service response message are, and the data cannot be modified in a plaintext manner, so that the security risk caused by the falsification of the parameters by the attacker can be effectively prevented, and the security of the data is further improved.

In an exemplary embodiment, in step S230, detecting whether the current state of the system meets the key update condition specifically includes: and acquiring the type of the client currently sending the service request, and if the type of the client is changed, detecting that the current state of the system meets the key updating condition. The type of the client may be a type of an environment in which the client runs, for example, including but not limited to ios client, android client, PC client, mobile client, etc.; but may also be the type of application itself to which the client corresponds, including, for example, but not limited to, web clients, weChat clients, short video clients, etc. Specifically, when a service request of a client is received, the service request may be parsed, so as to obtain a type of the client that sends the service request. The key update condition refers to a condition for performing key update. The type of the client being changed means that the type of the client corresponding to the currently received service request is different from the type of the client corresponding to the last received service request. In this embodiment, when it is detected that the type of the client corresponding to the currently received service request is changed, it is determined that the current state of the system accords with the key update condition.

In an exemplary embodiment, in step S230, detecting whether the current state of the system meets the key update condition specifically includes: and acquiring the receiving time of the receiving service request, and detecting that the current state of the system meets the key updating condition when the receiving time is matched with the key updating time. The receiving time of receiving the service request refers to a receiving time point of the server receiving the service request. The key update time refers to the time when the key update condition is reached. In the present embodiment, the condition for performing the key update at a certain interval time, such as performing the key update once every two hours, may be set in advance. Therefore, the embodiment obtains the receiving time of the service request, and judges that the receiving time is matched with the key updating time, and when the receiving time is matched with the key updating time, the current state of the system is detected to meet the key updating condition.

As shown in fig. 5, in step S240, in the case where the current state of the system meets the key update condition, determining the update key corresponding to the service response message may be implemented by:

in step S510, when it is detected that the type of the client currently transmitting the service request is changed, a first key set corresponding to the type of the client is acquired.

In step S520, the target key is randomly screened from the first key set as an updated key corresponding to the service response message.

The first key set is a set for storing a plurality of keys, and in order to distinguish the selection of the key sets in different application scenarios, the embodiment may also be different, so as to distinguish different key sets through a first mode, a second mode, and the like. Specifically, there may be a plurality of first key sets, and each first key set may correspond to a different type of client, that is, each first key set has a one-to-one mapping relationship with the type of client. Therefore, after the type of the client sending the service request is obtained through the steps, whether the type of the client sending the service request is changed currently can be detected, and when the type of the client sending the service request is detected to be changed currently, a first key set corresponding to the type of the client sending the service request currently is obtained, and a target key is randomly screened from the first key set to be used as an update key corresponding to the service response message which is generated currently.

In this embodiment, in order to avoid the security problem caused by the leakage of the key in the transmission process, the corresponding relationship between the key set and the type of the client is set, so that the target key is randomly screened from the corresponding key set as the updated key according to the type of the client sending the service request, thereby greatly reducing the security risk caused by the leakage of the key.

In an exemplary embodiment, in step S240, in the case where the current state of the system meets the key update condition, determining the update key corresponding to the service response message may specifically include: when the fact that the receiving time of the service request is matched with the key updating time is detected, randomly screening a target key from a preset second key set to serve as an updating key corresponding to the service response message.

Wherein the second set of keys has a plurality of keys stored therein. Specifically, when the fact that the receiving time of the service request is matched with the key updating time is detected, randomly screening a target key from a preset second key set, and encrypting the service response message by using the target key as an updating key corresponding to the service response message.

Further, after randomly screening the target key from the preset second key set, the valid time range of the target key can be generated based on the target key and the current moment, so that whether the current state of the system meets the key updating condition is detected based on the valid time range of the target key. The valid time range of the target key comprises a valid starting time point and a valid ending time point of the target key, and when the valid ending time point of the target key arrives, the fact that the current state of the system accords with the key updating condition is detected.

In this embodiment, by setting the key update time or the effective time range of the key to perform the key update, not only the security problem caused by the fact that the key is fixed for a long time can be avoided, but also the problem that the processing speed is slow due to frequent updating of the key when the server processes the service request in high concurrency can be avoided, so that the processing performance of the server is greatly improved on the premise of considering the security.

Fig. 6 is a flowchart illustrating a processing method of application data according to an exemplary embodiment, and as shown in fig. 6, an example of application of the method to the terminal in fig. 1 is described, including the following steps.

In step S610, in response to the service request of the target account, the service request is transmitted to the server.

The service request is an instruction or a command for requesting a corresponding application service from the server, and specifically, the application service may be a service that can be provided by the server, for example, a client login service, a resource request service, or a Web service. The target account is an account requesting application services from the server through the client. In this embodiment, when the target account needs to request the application service from the server, a service request is initiated by a client installed on the terminal, and the client responds to the service request of the target account and sends the service request to the server.

In step S620, the receiving server encrypts the data and updates the key according to the response returned by the service request.

The server encrypts the service response message by using an update key, the service response message is generated by the server according to plaintext data of service parameters, the plaintext data of the service parameters is obtained by decrypting the service parameters in the service request by the server, and the update key is generated when the server detects that the current state of the system meets the key update condition. In this embodiment, after the client sends a service request to the server, the server decrypts the service request, so as to obtain plaintext data of service parameters in the service request, and performs corresponding flow processing based on the decrypted plaintext data, so as to generate a service response message corresponding to the service request. Because sensitive information may be involved in the service response message, the server may detect whether the current state of the system meets the key updating condition before transmitting the service response message to the client, determine an updating key corresponding to the service response message when detecting that the current state of the system meets the key updating condition, encrypt the service response message through the updating key, thereby obtaining encrypted response encrypted data, and further return the encrypted response encrypted data and the updating key to the client.

In step S630, corresponding service processing is performed on the response encrypted data according to the response encrypted data and the update key.

The service processing is a data processing mode for the response encrypted data, which is determined based on the type of the data interface for transmitting the response encrypted data. It will be appreciated that the manner in which data is processed for the response encrypted data is different for different types of data interfaces that transmit the response encrypted data. Specifically, if the client determines that the response encrypted data needs to be subjected to data verification based on the data interface type of the response encrypted data, the client performs ciphertext verification processing on the response encrypted data according to the response encrypted data and the update key; if the client determines that the data display is required based on the data interface type of the response encrypted data, the client decrypts and displays the response encrypted data according to the updated key; if the client determines that data storage is required based on the data interface type of the response encrypted data, the client saves the response encrypted data and the update key locally.

According to the application data processing method, the service request is sent to the server by responding to the service request of the target account, the response encrypted data and the update key returned by the server according to the service request are received, and then corresponding service processing is carried out on the response encrypted data according to the response encrypted data and the update key. The service response message is encrypted by the updated key and then transmitted to the client, so that the security of the data in the transmission process is greatly improved.

In an exemplary embodiment, as shown in fig. 7, in step S610, a service request is sent to a server, which may be specifically implemented by the following steps:

in step S611, a disturbing parameter is inserted into the service request, and a disturbed service request is obtained.

The disturbing parameter is a meaningless parameter for confusing the service request, specifically, the disturbing parameter is different from an effective service parameter preset in the service request, and is generated by performing semantic recognition on the effective service parameter preset in the service request. The preset effective service parameters in the service request may be sensitive information in the service request, and after obtaining the information, an attacker may use the information to perform unauthorized operation or inject attack behavior, so as to cause the application to be attacked. Based on this, in order to avoid more sensitive information leakage in the service request, and to avoid the disturbing parameter interfering with the identification of the server to the effective service parameter in the service request, a disturbing parameter different from the preset effective service parameter is inserted into the service request to obtain the disturbed service request, and because the disturbing parameter is generated by performing semantic identification on the preset effective service parameter in the service request, the purpose of confusion on the service request can be achieved.

In step S612, the scrambled service request is encrypted using a preset key.

The preset key may be a symmetric key or an asymmetric key agreed with the server, so that the server can decrypt the received encrypted service request conveniently.

In step S613, a scrambled and encrypted service request is transmitted to the server.

In this embodiment, the client encrypts the scrambled service request by using the preset key, and sends the scrambled and encrypted service request to the server, so as to avoid the security problem caused by interception of the plaintext service request in the transmission process.

In an exemplary embodiment, inserting the scrambling parameter in the service request may specifically include: acquiring preset effective service parameters in a service request; carrying out semantic recognition on the effective service parameters, and generating corresponding disturbing parameters according to semantic recognition results of the effective service parameters; the scrambling parameter is inserted in the service request. The specific implementation process of inserting the scrambling parameter in this embodiment may refer to the flow shown in fig. 4, which is not described in detail in this embodiment.

In an exemplary embodiment, the generating the corresponding disturbing parameter according to the semantic identification result of the valid service parameter may specifically include: splitting the effective service parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective service parameters, wherein the character string with the highest similarity is used as a disturbing parameter; or, recognizing the format of the characters in the effective service parameters, performing format conversion on the characters in the effective service parameters, and generating scrambling parameters according to the characters after format conversion.

In an exemplary embodiment, performing corresponding service processing on the response encrypted data according to the response encrypted data and the update key, including: and acquiring a data processing mode of the response encrypted data according to the type of the data interface of the response encrypted data returned by the server. The data interface type may be classified based on different processing modes of the interface returning specific data, for example, for the interface returning the personal information page, the client is usually required to perform plaintext presentation on the returned data, so that the interface can be divided into interfaces returning presentation data; for interfaces that return authentication data, the client is required to authenticate the return data, and thus, such interfaces may be divided into interfaces that return authentication data. Based on the above, the data interfaces returning response encrypted data can be classified in advance according to different processing modes of the interfaces returning specific data, and further after the client receives the response encrypted data returned by the server, the data processing mode of the received response encrypted data can be obtained according to the corresponding data interface type. Specifically, if the data processing mode of the response encrypted data is obtained according to the data interface type, the response encrypted data can be subjected to verification processing according to the response encrypted data and the update key; if the data processing mode of the response encrypted data is obtained according to the type of the data interface to be displayed, the response encrypted data can be displayed after being decrypted according to the updated secret key; if the data processing mode of the response encrypted data is obtained according to the data interface type and is stored, the response encrypted data and the update key can be stored locally.

Further, the verification processing of the response encrypted data according to the response encrypted data and the update key may specifically include: the estimated value of the service response message generated by the server is obtained according to the service request, wherein the estimated value refers to a return value of the service response message generated by the server estimated by the client based on the sent service request, for example, if the service request sent by the client is an instruction for requesting login, the client may estimate that the server will return a return value of "login success" or "login failure". Because the server encrypts the service response message by updating the key and returns encrypted response encrypted data to the client when returning the service response message, in this embodiment, when the client performs data verification, the response encrypted data returned by the server may be verified in the form of ciphertext. Based on the above, after obtaining the estimated value of the server generated service response message, the client may encrypt the estimated value of the generated service response message by using the update key, thereby obtaining encrypted response estimated encrypted data, and further judging whether the response estimated encrypted data is matched with the response encrypted data sent by the server so as to verify the response encrypted data. Specifically, if the response estimation encryption data is matched with the response encryption data, the verification of the response encryption data is passed; if the response estimation encryption data does not match the response encryption data, the verification of the response encryption data is not passed. In the embodiment, the client performs verification processing on the response encrypted data returned by the server in a ciphertext mode, so that the verification reliability is improved, and the security risk caused by processing the response encrypted data by the client after the response encrypted data is tampered maliciously is avoided.

In an exemplary embodiment, as shown in fig. 8, the following further describes a processing method of application data of the present disclosure through interaction between a terminal and a server, including:

in step 801, a terminal receives a service request for a target account.

Step 802, the terminal inserts a disturbing parameter into the service request to obtain a disturbed service request.

In step 803, the terminal encrypts the scrambled service request using a preset key.

In step 804, the terminal sends the scrambled and encrypted service request to the server.

In step 805, the server parses the service request to obtain plaintext data for the service parameters.

At step 806, the server generates a service response message based on the plain text data of the service parameters.

In step 807, the server inserts the scrambling parameter into the service response message, resulting in a scrambled service response message.

In step 808, the server detects whether the current state meets the key update condition.

Step 809, when the server detects that the current state meets the key update condition, determining an update key corresponding to the service response message, and encrypting the scrambled service response message by using the update key to obtain response encrypted data.

The server returns response encrypted data and the update key to the terminal, step 810.

In step 811, the terminal obtains the type of data interface of the response encrypted data returned by the server, and determines the data processing mode of the response encrypted data.

And step 812, the terminal performs corresponding processing on the response encrypted data and the update key according to the determined data processing mode.

According to the processing method of the application data, the disturbing parameters are inserted into the service request and service response information, so that an attacker can hardly distinguish which parameters are really needed data, and the data after the disturbing parameters are inserted are encrypted and transmitted, so that the safety of the data in the transmission process is improved.

It should be understood that, although the steps in the flowcharts of fig. 1-8 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in FIGS. 1-8 may include multiple steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the steps or stages in other steps or other steps.

Fig. 9 is a block diagram of an apparatus for processing application data according to an exemplary embodiment. Referring to fig. 9, the apparatus includes a service parameter acquisition module 901, a service response message generation module 902, a detection module 903, an encryption processing module 904, and a data transmission module 905.

The service parameter obtaining module 901 is configured to execute a service request responding to a client, and decrypt service parameters in the service request to obtain plaintext data of the service parameters;

a service response message generation module 902 configured to execute plaintext data according to the service parameter, and generate a service response message;

a detection module 903 configured to perform detecting whether the current state of the system meets a key update condition;

an encryption processing module 904 configured to determine an update key corresponding to the service response message in case the current state of the system meets the key update condition, and encrypt the service response message with the update key to obtain response encrypted data;

a data transmission module 905 configured to perform transmission of the response encrypted data and a refreshing key for decrypting the response encrypted data to the client.

In an exemplary embodiment, the encryption processing module includes: a disturbing parameter inserting unit configured to insert a disturbing parameter into the service response message to obtain a disturbed service response message, wherein the disturbing parameter is generated by performing semantic recognition on an effective response parameter preset in the service response message; and an encryption unit configured to perform encryption of the scrambled service response message using the update key.

In an exemplary embodiment, the scramble parameter insertion unit includes: an effective response parameter obtaining subunit configured to perform obtaining an effective response parameter preset in the service response message; a disturbing parameter generating subunit configured to perform semantic recognition on the effective response parameters, and generate corresponding disturbing parameters according to the semantic recognition result of the effective response parameters; a scrambling parameter insertion subunit configured to perform insertion of the scrambling parameter in the service response message.

In an exemplary embodiment, the scrambling parameter generating subunit is configured to perform: splitting the effective response parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective response parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or, identifying the format of the characters in the effective response parameters, performing format conversion on the characters in the effective response parameters, and generating the disturbing parameters according to the characters after format conversion.

In an exemplary embodiment, the detection module is configured to perform: acquiring the type of a client currently sending the service request, and if the type of the client is changed, detecting that the current state of the system meets a key updating condition; or acquiring the receiving time of the service request, and detecting that the current state of the system meets the key updating condition when the receiving time is matched with the key updating time.

In an exemplary embodiment, the encryption processing module is further configured to perform: when detecting that the type of the client currently sending the service request is changed, acquiring a first key set corresponding to the type of the client; randomly screening a target key from the first key set as an updated key corresponding to the service response message.

In an exemplary embodiment, the encryption processing module is further configured to perform: and randomly screening a target key from a preset second key set as an updated key corresponding to the service response message when the fact that the receiving time of the service request is matched with the key updating time is detected.

The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.

Fig. 10 is a block diagram of a processing apparatus for application data according to an exemplary embodiment. Referring to fig. 10, the apparatus includes a service request response module 1001, a response data receiving module 1002, and a service processing module 1003.

A service request response module 1001 configured to execute a service request in response to a target account, the service request being sent to a server;

a response data receiving module 1002, configured to perform receiving response encrypted data and an update key returned by the server according to the service request, where the response encrypted data is obtained by encrypting a service response message by using the update key, the service response message is generated by the server according to plaintext data of a service parameter, the plaintext data of the service parameter is obtained by decrypting the service parameter in the service request, and the update key is generated by the server when detecting that the current state of the system meets a key update condition;

a service processing module 1003 configured to perform corresponding service processing on the response encrypted data according to the response encrypted data and the update key.

In an exemplary embodiment, the service request response module includes: the disturbing parameter inserting unit is configured to insert disturbing parameters into the service request to obtain a disturbed service request, wherein the disturbing parameters are generated by carrying out semantic recognition on effective service parameters preset in the service request; an encryption unit configured to perform encryption of the scrambled service request using a preset key; and a transmitting unit configured to perform transmission of the scrambled and encrypted service request to the server.

In an exemplary embodiment, the scramble parameter insertion unit includes: an effective service parameter obtaining subunit configured to obtain an effective service parameter preset in the service request; a disturbing parameter generating subunit configured to perform semantic recognition on the effective service parameters, and generate corresponding disturbing parameters according to the semantic recognition result of the effective service parameters; a scrambling parameter insertion subunit configured to perform insertion of the scrambling parameter in the service request.

In an exemplary embodiment, the scrambling parameter generating subunit is configured to perform: splitting the effective service parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective service parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or, identifying the format of the characters in the effective service parameters, performing format conversion on the characters in the effective service parameters, and generating the disturbing parameters according to the characters after format conversion.

In an exemplary embodiment, the service processing module includes: a data processing mode obtaining unit configured to perform data processing modes for response encrypted data according to the type of a data interface for which the server returns the response encrypted data; a verification processing unit configured to perform verification processing on the response encrypted data according to the response encrypted data and an update key if a data processing manner of the response encrypted data is data verification; the display processing unit is configured to execute the display after decrypting the response encrypted data according to the updated key if the data processing mode of the response encrypted data is display; and the storage processing unit is configured to store the response encrypted data and the update key if the data processing mode of the response encrypted data is storage.

In an exemplary embodiment, the authentication processing unit is configured to perform: acquiring an estimated value of the service response message generated by the server according to the service request; encrypting the estimated value of the service response message by adopting the updated key to obtain encrypted response estimated encryption data; if the response estimation encryption data is matched with the response encryption data, verifying the response encryption data; and if the response estimation encryption data is not matched with the response encryption data, the verification of the response encryption data is not passed.

Fig. 11 is a block diagram of an apparatus Z00 for applying a processing method of data according to an exemplary embodiment. For example, device Z00 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.

Referring to fig. 11, device Z00 may include one or more of the following components: a processing component Z02, a memory Z04, a power component Z06, a multimedia component Z08, an audio component Z10, an input/output (I/O) interface Z12, a sensor component Z14, and a communication component Z16.

The processing component Z02 generally controls overall operation of the device Z00, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component Z02 may include one or more processors Z20 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component Z02 may include one or more modules that facilitate interactions between the processing component Z02 and other components. For example, the processing component Z02 may include a multimedia module to facilitate interaction between the multimedia component Z08 and the processing component Z02.

The memory Z04 is configured to store various types of data to support operations at the device Z00. Examples of such data include instructions for any application or method operating on device Z00, contact data, phonebook data, messages, pictures, video, and the like. The memory Z04 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk.

The power supply component Z06 provides power to the various components of the device Z00. Power component Z06 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for device Z00.

The multimedia component Z08 comprises a screen between said device Z00 and the user providing an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component Z08 includes a front camera and/or a rear camera. The front camera and/or the rear camera may receive external multimedia data when the device Z00 is in an operation mode, such as a photographing mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

The audio component Z10 is configured to output and/or input an audio signal. For example, the audio component Z10 includes a Microphone (MIC) configured to receive external audio signals when the device Z00 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signal may be further stored in the memory Z04 or transmitted via the communication component Z16. In some embodiments, the audio component Z10 further comprises a speaker for outputting audio signals.

The I/O interface Z12 provides an interface between the processing component Z02 and a peripheral interface module, which may be a keyboard, click wheel, button, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.

Sensor assembly Z14 includes one or more sensors for providing status assessment of various aspects of device Z00. For example, sensor assembly Z14 may detect the on/off state of device Z00, the relative positioning of the assemblies, such as the display and keypad of device Z00, the sensor assembly Z14 may also detect the change in position of device Z00 or a component of device Z00, the presence or absence of user contact with device Z00, the orientation or acceleration/deceleration of device Z00, and the change in temperature of device Z00. The sensor assembly Z14 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly Z14 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly Z14 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component Z16 is configured to facilitate wired or wireless communication between the device Z00 and other devices. Device Z00 may access a wireless network based on a communication standard, such as WiFi, an operator network (e.g., 2G, 3G, 4G, or 5G), or a combination thereof. In one exemplary embodiment, the communication component Z16 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component Z16 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, device Z00 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the methods described above.

In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory Z04, comprising instructions executable by processor Z20 of device Z00 to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.

Fig. 12 is a block diagram of an apparatus S00 for applying a processing method of data according to an exemplary embodiment. For example, device S00 may be a server. Referring to fig. 12, device S00 includes a processing component S20 that further includes one or more processors, and memory resources represented by memory S22, for storing instructions, such as applications, executable by processing component S20. The application program stored in the memory S22 may include one or more modules each corresponding to a set of instructions. Further, the processing component S20 is configured to execute instructions to perform the processing method of application data described above.

Device S00 can also include a power component S24 configured to perform power management of device S00, a wired or wireless network interface S26 configured to connect device S00 to a network, and an input/output (I/O) interface S28. Device S00 may operate based on an operating system stored in memory S22, such as Windows Server, mac OS X, unix, linux, freeBSD, or the like.

In an exemplary embodiment, a storage medium is also provided, such as a memory S22, comprising instructions executable by a processor of the device S00 to perform the above method. The storage medium may be a non-transitory computer readable storage medium, which may be, for example, ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any adaptations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims

1. A method for processing application data, comprising:

Returning the response encrypted data and an update key to the client, wherein the update key is used for decrypting the response encrypted data;

the encrypting the service response message using the update key includes: inserting disturbing parameters into the service response message to obtain a disturbed service response message, wherein the disturbing parameters are generated by carrying out semantic recognition on effective response parameters preset in the service response message; and encrypting the scrambled service response message by using the updated key.

2. The method of claim 1, wherein inserting a scrambling parameter in the service response message comprises:

acquiring preset effective response parameters in the service response message;

carrying out semantic recognition on the effective response parameters, and generating corresponding disturbance parameters according to semantic recognition results of the effective response parameters;

inserting the scrambling parameter in the service response message.

3. The method of claim 2, wherein the generating the corresponding scrambling parameters from the semantic recognition results of the valid response parameters comprises:

splitting the effective response parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective response parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or alternatively

And recognizing the format of the characters in the effective response parameters, carrying out format conversion on the characters in the effective response parameters, and generating the disturbing parameters according to the characters after format conversion.

4. The method of claim 1, wherein detecting whether the current state of the system meets a key update condition comprises:

acquiring the type of a client currently sending the service request, and if the type of the client is changed, detecting that the current state of the system meets a key updating condition; or alternatively

And acquiring the receiving time of the service request, and detecting that the current state of the system meets the key updating condition when the receiving time is matched with the key updating time.

5. The method of claim 4, wherein the determining the update key corresponding to the service response message if the current state of the system meets the key update condition comprises:

when detecting that the type of the client currently sending the service request is changed, acquiring a first key set corresponding to the type of the client;

randomly screening a target key from the first key set as an updated key corresponding to the service response message.

6. The method of claim 4, wherein the determining the update key corresponding to the service response message if the current state of the system meets the key update condition comprises:

and randomly screening a target key from a preset second key set as an updated key corresponding to the service response message when the fact that the receiving time of the service request is matched with the key updating time is detected.

7. A method for processing application data, comprising:

Corresponding business processing is carried out on the response encrypted data according to the response encrypted data and the updating key;

the sending the service request to the server includes: inserting disturbing parameters into the service request to obtain a disturbed service request, wherein the disturbing parameters are generated by carrying out semantic recognition on effective service parameters preset in the service request; encrypting the scrambled service request by using a preset secret key; and sending the scrambled and encrypted service request to the server.

8. The method of claim 7, wherein inserting a scrambling parameter in the service request comprises:

acquiring preset effective service parameters in the service request;

carrying out semantic recognition on the effective service parameters, and generating corresponding disturbing parameters according to semantic recognition results of the effective service parameters;

inserting the scrambling parameter in the service request.

9. The method of claim 8, wherein the generating the corresponding scrambling parameters from the semantic recognition results of the valid service parameters comprises:

splitting the effective service parameters to obtain a plurality of split character strings, and obtaining the similarity between each character string and the effective service parameters, wherein the character string with the highest similarity is used as the disturbing parameter; or alternatively

And recognizing the format of the characters in the effective service parameters, carrying out format conversion on the characters in the effective service parameters, and generating the disturbing parameters according to the characters after format conversion.

10. The method of claim 7, wherein said performing corresponding traffic processing on said response encrypted data based on said response encrypted data and a renewal key comprises:

acquiring a data processing mode of the response encrypted data according to the type of a data interface of the response encrypted data returned by the server;

if the data processing mode of the response encrypted data is data verification, verifying the response encrypted data according to the response encrypted data and the updating key;

if the data processing mode of the response encrypted data is display, decrypting the response encrypted data according to the updated key and displaying the decrypted response encrypted data;

and if the data processing mode of the response encrypted data is storage, storing the response encrypted data and the updating key.

11. The method of claim 10, wherein said validating said response encrypted data based on said response encrypted data and a renewal key comprises:

Acquiring an estimated value of the service response message generated by the server according to the service request;

encrypting the estimated value of the service response message by adopting the updated key to obtain encrypted response estimated encryption data;

if the response estimation encryption data is matched with the response encryption data, verifying the response encryption data;

and if the response estimation encryption data is not matched with the response encryption data, the verification of the response encryption data is not passed.

12. An apparatus for processing application data, comprising:

A data transmission module configured to perform transmission of the response encrypted data and a refreshing key for decrypting the response encrypted data to the client;

the encryption processing module includes: a disturbing parameter inserting unit configured to insert a disturbing parameter into the service response message to obtain a disturbed service response message, wherein the disturbing parameter is generated by performing semantic recognition on an effective response parameter preset in the service response message; and an encryption unit configured to perform encryption of the scrambled service response message using the update key.

13. The apparatus of claim 12, wherein the scrambling parameter insertion unit comprises:

an effective response parameter obtaining subunit configured to perform obtaining an effective response parameter preset in the service response message;

a disturbing parameter generating subunit configured to perform semantic recognition on the effective response parameters, and generate corresponding disturbing parameters according to the semantic recognition result of the effective response parameters;

a scrambling parameter insertion subunit configured to perform insertion of the scrambling parameter in the service response message.

14. The apparatus of claim 13, wherein the scrambling parameter generation subunit is configured to perform:

15. The apparatus of claim 12, wherein the detection module is configured to perform:

16. The apparatus of claim 15, wherein the encryption processing module is further configured to perform:

17. The apparatus of claim 15, wherein the encryption processing module is further configured to perform:

18. An apparatus for processing application data, comprising:

A service processing module configured to perform corresponding service processing on the response encrypted data according to the response encrypted data and the update key;

the service request response module includes: the disturbing parameter inserting unit is configured to insert disturbing parameters into the service request to obtain a disturbed service request, wherein the disturbing parameters are generated by carrying out semantic recognition on effective service parameters preset in the service request; an encryption unit configured to perform encryption of the scrambled service request using a preset key; and a transmitting unit configured to perform transmission of the scrambled and encrypted service request to the server.

19. The apparatus of claim 18, wherein the scrambling parameter insertion unit comprises:

an effective service parameter obtaining subunit configured to obtain an effective service parameter preset in the service request;

a disturbing parameter generating subunit configured to perform semantic recognition on the effective service parameters, and generate corresponding disturbing parameters according to the semantic recognition result of the effective service parameters;

a scrambling parameter insertion subunit configured to perform insertion of the scrambling parameter in the service request.

20. The apparatus of claim 19, wherein the scrambling parameter generation subunit is configured to perform:

21. The apparatus of claim 18, wherein the traffic processing module comprises:

a data processing mode obtaining unit configured to perform data processing modes for response encrypted data according to the type of a data interface for which the server returns the response encrypted data;

a verification processing unit configured to perform verification processing on the response encrypted data according to the response encrypted data and an update key if a data processing manner of the response encrypted data is data verification;

the display processing unit is configured to execute the display after decrypting the response encrypted data according to the updated key if the data processing mode of the response encrypted data is display;

And the storage processing unit is configured to store the response encrypted data and the update key if the data processing mode of the response encrypted data is storage.

22. The apparatus of claim 21, wherein the authentication processing unit is configured to perform:

23. A computer device, comprising:

a processor;

a memory for storing the processor-executable instructions;

wherein the processor is configured to execute the instructions to implement the method of processing application data according to any of claims 1 to 11.

24. A storage medium, which when executed by a processor of a computer device, enables the computer device to perform the method of processing application data according to any one of claims 1 to 11.